<?php
 

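define('IN_SCRIPT',1);

/* Get all the required files and functions */
require_once('hd_settings.inc.php');
require_once('language/'.$hd_settings['language'].'.inc.php');
require_once('inc/common.inc.php');

/* Connect to database */
require_once('inc/database.inc.php');
hd_dbConnect() or hd_error("$hdlang[cant_connect_db] $hdlang[contact_webmsater] $hd_settings[webmaster_mail]!");

hd_session_start();
hd_isLoggedIn();
/* Must be administrator to access this page */
hd_isAdmin();

/* Print header */
require_once('inc/header.inc.php');

/* What should we do?
   The action is looked up guarded so a plain GET without "a" does not raise an
   undefined-index notice; an absent action falls through to the overview page. */
$action = isset($_REQUEST['a']) ? hd_input($_REQUEST['a']) : '';
if ($action == 'new') {new_user();}
elseif ($action == 'edit') {edit_user();}
elseif ($action == 'save') {update_user();}
elseif ($action == 'remove') {remove();}
else {

/* Print main manage users page */
require_once('inc/show_admin_nav.inc.php');
?>

</td>
</tr>
<tr>
<td>

<script language="Javascript" type="text/javascript"><!--
function confirm_delete()
{
if (confirm('<?php echo $hdlang['sure_remove_user']; ?>')) {return true;}
else {return false;}
}
//-->
</script>

<h3 align="center"><?php echo $hdlang['manage_users']; ?></h3>

<p><?php echo $hdlang['users_intro']; ?></p>

<div align="center">
<center>
<table border="0" width="750" cellspacing="1" cellpadding="3" class="white">
<tr>
<td class="admin_white"><?php echo $hdlang['name']; ?></td>
<td class="admin_white"><?php echo $hdlang['email']; ?></td>
<td class="admin_white"><?php echo $hdlang['username']; ?></td>
<td class="admin_white"><?php echo $hdlang['pass']; ?></td>
<td class="admin_white"><?php echo $hdlang['administrator']; ?></td>
<td class="admin_white">&nbsp;</td>
<td class="admin_white">&nbsp;</td>
</tr>

<?php
$sql = "SELECT * FROM `hd_users` WHERE 1";
$result = hd_dbQuery($sql) or hd_error("$hdlang[cant_sql]: $sql</p><p>$hdlang[mysql_said]:<br>".mysql_error()."</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");

/* Row colour toggle: 1 = gray row next, 0 = white row next */
$i=1;

while ($myuser=hd_dbFetchAssoc($result))
{
    if ($i) {$color="admin_gray"; $i=0;}
    else {$color="admin_white"; $i=1;}

    /* The id is only ever used as an integer (links, comparisons) */
    $uid = (int) $myuser['id'];

    /* name/email/user originate from form input, so they are escaped before being
       placed into HTML text and attributes.
       NOTE(review): hd_input() is opaque from here - if it already HTML-encodes values
       on the way in, switch these to double_encode=false to avoid "&amp;amp;". */
    $name_html  = htmlspecialchars($myuser['name'], ENT_QUOTES);
    $email_html = htmlspecialchars($myuser['email'], ENT_QUOTES);
    $user_html  = htmlspecialchars($myuser['user'], ENT_QUOTES);

    if ($myuser['isadmin']) {$isadmin_html="<font class=\"open\">$hdlang[yes]</font>";}
    else {$isadmin_html="<font class=\"resolved\">$hdlang[no]</font>";}

    /* The logged-in administrator edits their own account through profile.php and
       gets no remove link; user ID 1 (the default administrator) can never be removed.
       remove() re-checks both conditions server-side. */
    if ($uid == $_SESSION['id'])
    {
        $edit_code="<a href=\"profile.php\">$hdlang[edit]</a>";
        $remove_code="&nbsp;";
    }
    else
    {
        $edit_code="<a href=\"manage_users.php?a=edit&id=$uid\">$hdlang[edit]</a>";
        if ($uid == 1) {
            $remove_code="&nbsp;";
        } else {
            /* NOTE(review): removal is triggered by a plain GET link; the JavaScript
               confirm is the only guard, so a per-session token checked in remove()
               would be the next hardening step. */
            $remove_code="<a href=\"manage_users.php?a=remove&id=$uid\" onclick=\"return confirm_delete();\">$hdlang[remove]</a>";
        }
    }

/* The "pass" column holds the stored password hash. It used to be printed here; now a
   fixed mask is shown instead so the hash never reaches the browser while the table
   layout (and the column header) stays the same. */
echo <<<EOC
<tr>
<td class="$color">$name_html</td>
<td class="$color"><a href="mailto:$email_html">$email_html</a></td>
<td class="$color">$user_html</td>
<td class="$color">********</td>
<td class="$color">$isadmin_html</td>
<td class="$color" align="center">$edit_code</td>
<td class="$color" align="center">$remove_code</td>
</tr>

EOC;
} // End while
?>
</table>
</center>
</div>

<p>&nbsp;</p>

<hr width="750">

<h3 align="center"><?php echo $hdlang['add_user']; ?></h3>

<p align="center"><?php echo $hdlang['req_marked_with']; ?> <font class="important">*</font></p>

<form name="form1" action="manage_users.php" method="POST">

<!-- Contact info -->
<table border="0">
<tr>
<td align="right" width="200"><?php echo $hdlang['real_name']; ?>: <font class="important">*</font></td>
<td align="left" width="550"><input type="text" name="name" size="25"
maxlength="50"></td>
</tr>
<tr>
<td align="right" width="200"><?php echo $hdlang['email']; ?>: <font class="important">*</font></td>
<td align="left" width="550"><input type="text" name="email" size="30"
maxlength="255"></td>
</tr>
<tr>
<td align="right" width="200"><?php echo $hdlang['username']; ?>: <font class="important">*</font></td>
<td align="left" width="550"><input type="text" name="user" size="25"
maxlength="20"></td>
</tr>
<tr>
<td align="right" width="200"><?php echo $hdlang['pass']; ?>: <font class="important">*</font></td>
<td align="left" width="550"><input type="password" name="newpass" size="30"
maxlength="20"></td>
</tr>
<tr>
<td align="right" width="200"><?php echo $hdlang['confirm_pass']; ?>: <font class="important">*</font></td>
<td align="left" width="550"><input type="password" name="newpass2" size="30"
maxlength="20"></td>
</tr>
<tr>
<td align="right" valign="top" width="200"><?php echo $hdlang['administrator']; ?>: <font class="important">*</font></td>
<td align="left" valign="top" width="550"><label><input type="radio" name="isadmin" value="1">
<?php echo $hdlang['yes']; ?></label> |
<label><input type="radio" name="isadmin" value="0" checked> <?php echo $hdlang['no']; ?></label></td>
</tr>
<tr>
<td align="right" valign="top" width="200"><?php echo $hdlang['allowed_cat']; ?>: <font class="important">*</font></td>
<td align="left" valign="top" width="550">
<?php
/* One checkbox per residence (category) the new user may be allowed to see.
   The error message now reports the query that actually failed ($sql_private). */
$sql_private = "SELECT * FROM `hd_residences` ORDER BY `cat_order` ASC";
$result = hd_dbQuery($sql_private) or hd_error("$hdlang[cant_sql]: $sql_private</p><p>$hdlang[mysql_said]:<br>".mysql_error()."</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");

while ($row=hd_dbFetchAssoc($result))
{
    $rid       = (int) $row['id'];
    $name_html = htmlspecialchars($row['name'], ENT_QUOTES);
    echo "
    <label><input type=\"checkbox\" name=\"residences[]\" value=\"$rid\"> $name_html</label><br>
    ";
}

?>
</td>
</tr>
<tr>
<td align="right" valign="top" width="200"><?php echo $hdlang['signature_max']; ?>:</td>
<td align="left" width="550"><textarea name="signature" rows="6" cols="40"></textarea><br>
 </td>
</tr>
</table>

<!-- Submit -->
<p align="center"><input type="hidden" name="a" value="new">
<input type="submit" value="<?php echo $hdlang['create_user']; ?>" class="button"></p>

</form>

<p>&nbsp;</p>

<!-- HR -->
<p>&nbsp;</p>

<?php
require_once('inc/footer.inc.php');
exit();

} // End else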


/*** START FUNCTIONS ***/

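/**
 * Render the "edit user" form for the user whose id arrives in $_GET['id'].
 *
 * Loads the row, prints the admin navigation, the pre-filled form (posting back
 * with a=save / userid) and the footer, then exits. Errors are reported through
 * hd_error(), which is assumed to stop the script.
 *
 * Security notes for this revision:
 *  - every DB-sourced value placed into an HTML attribute or text node is escaped;
 *  - the password fields are no longer pre-filled with the stored hash. Pre-filling
 *    leaked the hash into the page source and, because update_user() re-hashes
 *    whatever is submitted, saving the form without retyping replaced the user's
 *    password with the hash of its hash. A new password must now be typed on save
 *    (the field is marked required, matching update_user()).
 */
function edit_user()
{
global $hd_settings, $hdlang;

/* hd_isNumber() is expected to reject non-numeric ids; the cast is defence in depth
   because the value is interpolated into SQL. */
$id = (int) hd_isNumber($_GET['id'],"$hdlang[int_error]: $hdlang[no_valid_id]");

$sql = "SELECT * FROM `hd_users` WHERE `id`=$id LIMIT 1";
$result = hd_dbQuery($sql) or hd_error("$hdlang[cant_sql]: $sql</p><p>$hdlang[mysql_said]:<br>".mysql_error()."</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");
$myuser=hd_dbFetchAssoc($result);

/* Escaped copies for output. NOTE(review): hd_input() is opaque from here - if it
   already HTML-encodes on input, use double_encode=false to avoid "&amp;amp;". */
$name_html      = htmlspecialchars($myuser['name'], ENT_QUOTES);
$email_html     = htmlspecialchars($myuser['email'], ENT_QUOTES);
$user_html      = htmlspecialchars($myuser['user'], ENT_QUOTES);
$signature_html = htmlspecialchars($myuser['signature'], ENT_QUOTES);
$uid            = (int) $myuser['id'];

/* Print main manage users page */
require_once('inc/show_admin_nav.inc.php');
?>

</td>
</tr>
<tr>
<td>

<h3 align="center"><?php echo $hdlang['editing_user'].' '.$user_html; ?></h3>

<p align="center"><?php echo $hdlang['req_marked_with']; ?> <font class="important">*</font></p>

<form method="post" action="manage_users.php">

<!-- Contact info -->
<table border="0">
<tr>
<td align="right" width="200"><?php echo $hdlang['real_name']; ?>: <font class="important">*</font></td>
<td align="left" width="550"><input type="text" name="name" size="25"
maxlength="50" value="<?php echo $name_html; ?>"></td>
</tr>
<tr>
<td align="right" width="200"><?php echo $hdlang['email']; ?>: <font class="important">*</font></td>
<td align="left" width="550"><input type="text" name="email" size="30"
maxlength="255" value="<?php echo $email_html; ?>"></td>
</tr>
<tr>
<td align="right" width="200"><?php echo $hdlang['username']; ?>: <font class="important">*</font></td>
<td align="left" width="550"><input type="text" name="user" size="25"
maxlength="20" value="<?php echo $user_html; ?>"></td>
</tr>
<tr>
<td align="right" width="200"><?php echo $hdlang['pass']; ?>: <font class="important">*</font></td>
<td align="left" width="550"><input type="password" name="newpass" size="30"
maxlength="20"></td>
</tr>
<tr>
<td align="right" width="200"><?php echo $hdlang['confirm_pass']; ?>: <font class="important">*</font></td>
<td align="left" width="550"><input type="password" name="newpass2" size="30"
maxlength="20"></td>
</tr>
<tr>
<td align="right" valign="top" width="200"><?php echo $hdlang['administrator']; ?>: <font class="important">*</font></td>
<td align="left" valign="top" width="550">
<?php
/* Pre-select the radio matching the stored flag */
if ($myuser['isadmin']) {
    echo "
    <input type=\"radio\" name=\"isadmin\" value=\"1\" checked> $hdlang[yes] |
    <input type=\"radio\" name=\"isadmin\" value=\"0\"> $hdlang[no]"
    ;
} else {
    echo "
    <input type=\"radio\" name=\"isadmin\" value=\"1\"> $hdlang[yes] |
    <input type=\"radio\" name=\"isadmin\" value=\"0\" checked> $hdlang[no]"
    ;
}
?></td>
</tr>
<tr>
<td align="right" valign="top" width="200"><?php echo $hdlang['allowed_cat']; ?>: <font class="important">*</font></td>
<td align="left" valign="top" width="550">
<?php
/* The error message now reports the query that actually failed ($sql_private). */
$sql_private = "SELECT * FROM `hd_residences` ORDER BY `cat_order` ASC";
$result = hd_dbQuery($sql_private) or hd_error("$hdlang[cant_sql]: $sql_private</p><p>$hdlang[mysql_said]:<br>".mysql_error()."</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");

/* `residences` is stored as "id,id,...," (see hd_validateUserInfo), so the trailing
   comma is dropped before splitting. Both sides are compared as strings. */
$res = substr($myuser['residences'], 0, -1);
$allowed = explode(",", $res);

while ($row=hd_dbFetchAssoc($result))
{
    $rid       = (int) $row['id'];
    $name_html = htmlspecialchars($row['name'], ENT_QUOTES);
    if (in_array((string) $rid, $allowed, true)) {
    echo "
    <input type=\"checkbox\" name=\"residences[]\" value=\"$rid\" checked>$name_html<br>
    ";
    } else {
    echo "
    <input type=\"checkbox\" name=\"residences[]\" value=\"$rid\">$name_html<br>
    ";
    }
}

?>
</td>
</tr>
<tr>
<td align="right" valign="top" width="200"><?php echo $hdlang['signature_max']; ?>:</td>
<td align="left" width="550"><textarea name="signature" rows="6" cols="40"><?php echo $signature_html; ?></textarea><br>
 .</td>
</tr>
</table>

<!-- Submit -->
<p align="center"><input type="hidden" name="a" value="save">
<input type="hidden" name="userid" value="<?php echo $uid; ?>">
<input type="submit" value="<?php echo $hdlang['save_changes']; ?>" class="button"></p>

</form>

<p>&nbsp;</p>

<!-- HR -->
<p>&nbsp;</p>

<?php
require_once('inc/footer.inc.php');
exit();
} // End edit_user()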


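/**
 * Create a user from the posted "add user" form (a=new).
 *
 * Validates the input through hd_validateUserInfo(), inserts the row, prints the
 * confirmation page and exits. Errors go through hd_error().
 *
 * Fix: the function imported $settings but the error message reads
 * $hd_settings['webmaster_mail'], so the contact address was always empty; the
 * global is now $hd_settings. The values interpolated into the SQL come from
 * hd_validateUserInfo()/hd_input(); this code relies on hd_input() escaping them.
 *
 * NOTE(review): passwords are stored with MySQL's MD5(), which is unsalted and fast;
 * migrating to password_hash() requires changing the login check as well, so it is
 * left unchanged here.
 */
function new_user() {
global $hd_settings, $hdlang;

$myuser=hd_validateUserInfo();

$sql = "INSERT INTO `hd_users` (`user`,`pass`,`isadmin`,`name`,`email`,`signature`,`residences`)
VALUES ('$myuser[user]',MD5('$myuser[pass]'),'$myuser[isadmin]','$myuser[name]',
'$myuser[email]','$myuser[signature]','$myuser[residences]')";
$result = hd_dbQuery($sql) or hd_error("$hdlang[cant_sql]: $sql</p><p>$hdlang[mysql_said]:<br>".mysql_error()."</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");

/* Escaped for the confirmation message; both values were typed by the admin */
$user_html = htmlspecialchars($myuser['user'], ENT_QUOTES);
$pass_html = htmlspecialchars($myuser['pass'], ENT_QUOTES);

/* Print admin navigation */
require_once('inc/show_admin_nav.inc.php');
?>

</td>
</tr>
<tr>
<td>

<p>&nbsp;</p>
<h3 align="center"><?php echo $hdlang['user_added']; ?></h3>

<p>&nbsp;</p>

<p align="center"><?php printf($hdlang['user_added_success'],$user_html,$pass_html); ?>!</p>

<p align="center"><a href="manage_users.php"><?php echo $hdlang['manage_users']; ?></a> |
<a href="admin_main.php"><?php echo $hdlang['main_page']; ?></a></p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>

<!-- HR -->
<p>&nbsp;</p>

<?php
require_once('inc/footer.inc.php');
exit();
} // End new_user()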


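/**
 * Save the posted "edit user" form (a=save) for the user in $_POST['userid'].
 *
 * Validates the input through hd_validateUserInfo() (which requires a password,
 * so the password is always re-set on save), updates the row and prints the
 * confirmation page, then exits. hd_error() is used for every failure.
 *
 * Fix: the function imported $settings but the error message reads
 * $hd_settings['webmaster_mail']; the global is now $hd_settings. The id is cast
 * to int as defence in depth because it is interpolated into SQL.
 */
function update_user() {
global $hd_settings, $hdlang;

$myuser=hd_validateUserInfo();
$myuser['id'] = (int) hd_isNumber($_POST['userid'],"$hdlang[int_error]: $hdlang[no_valid_id]");

$sql = "UPDATE `hd_users` SET `user`='$myuser[user]',`name`='$myuser[name]',`email`='$myuser[email]',
`signature`='$myuser[signature]',`pass`=MD5('$myuser[pass]'),`residences`='$myuser[residences]',
`isadmin`='$myuser[isadmin]' WHERE `id`=$myuser[id] LIMIT 1";
$result = hd_dbQuery($sql) or hd_error("$hdlang[cant_sql]: $sql</p><p>$hdlang[mysql_said]:<br>".mysql_error()."</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");
/* Exactly one row must change; zero means the id does not exist (or nothing differed) */
if (hd_dbAffectedRows() != 1) {hd_error($hdlang['user_not_found_nothing_edit']);}

/* Print admin navigation */
require_once('inc/show_admin_nav.inc.php');
?>

</td>
</tr>
<tr>
<td>

<p>&nbsp;</p>
<h3 align="center"><?php echo $hdlang['profile_updated']; ?></h3>

<p>&nbsp;</p>

<p align="center"><?php echo $hdlang['user_profile_updated_success']; ?>.</p>

<p align="center"><a href="manage_users.php"><?php echo $hdlang['manage_users']; ?></a> |
<a href="admin_main.php"><?php echo $hdlang['main_page']; ?></a></p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>

<!-- HR -->
<p>&nbsp;</p>

<?php
require_once('inc/footer.inc.php');
exit();
} // End update_user()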

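/**
 * Validate the posted user form shared by new_user() and update_user().
 *
 * Reads name, email, user, signature, isadmin, residences[], newpass and newpass2
 * from $_POST. Every hd_* validator is given an error message and is assumed to
 * call hd_error() (which stops the script) when the value is missing or invalid.
 *
 * Returns an array with keys name, email, user, signature, isadmin, residences
 * (a "id,id,...," string; empty for administrators) and pass (the plaintext new
 * password, hashed by the caller's SQL).
 *
 * Fix: each residences[] entry was appended to the SQL-bound string unvalidated;
 * it is now required to be a number, and the field must be an array.
 */
function hd_validateUserInfo() {
global $hdlang;

$myuser['name']=hd_input($_POST['name'],$hdlang['enter_real_name']);
$myuser['email']=hd_validateEmail($_POST['email'],$hdlang['enter_valid_email']);
$myuser['user']=hd_input($_POST['user'],$hdlang['enter_username']);
$myuser['signature']=hd_input($_POST['signature']);
$myuser['isadmin']=hd_isNumber($_POST['isadmin'],"$hdlang[int_error]: no valid isadmin");

/* Administrators see everything, so residences are only collected for normal users */
$myuser['residences']='';
if (empty($myuser['isadmin'])) {
    if (!isset($_POST['residences']) || !is_array($_POST['residences'])) {
        hd_error($hdlang['asign_one_cat']);
    }
    hd_input($_POST['residences'],$hdlang['asign_one_cat']);
    foreach ($_POST['residences'] as $res)
    {
        /* Only numeric ids may end up in the stored list (it is interpolated into SQL) */
        $res = (int) hd_isNumber($res,"$hdlang[int_error]: $hdlang[no_valid_id]");
        $myuser['residences'].="$res,";
    }
}

/* Byte length check against the column size */
if (strlen($myuser['signature'])>255) {hd_error($hdlang['signature_long']);}

$newpass=hd_PasswordSyntax($_POST['newpass'],$hdlang['password_not_valid']);
$newpass2=hd_input($_POST['newpass2'],$hdlang['confirm_user_pass']);
if ($newpass != $newpass2) {hd_error($hdlang['passwords_not_same']);}
$myuser['pass']=$newpass;

return $myuser;

} // End hd_validateUserInfo()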


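/**
 * Delete the user whose id arrives in $_GET['id'] (a=remove).
 *
 * Refuses to delete user 1 (default administrator) and the logged-in admin's
 * own account, deletes the row, prints the confirmation page and exits.
 *
 * Fix: the function imported $settings but the error message reads
 * $hd_settings['webmaster_mail']; the global is now $hd_settings.
 *
 * NOTE(review): this is a state-changing action driven by a GET link with only a
 * client-side confirm(); a per-session token verified here would be the next step.
 */
function remove() {
global $hd_settings, $hdlang;

/* hd_isNumber() is expected to reject non-numeric ids; the cast is defence in depth */
$myuser = (int) hd_isNumber($_GET['id'],$hdlang['no_valid_id']);
if ($myuser == 1) {hd_error($hdlang['cant_del_admin']);}
if ($myuser == $_SESSION['id']) {hd_error($hdlang['cant_del_own']);}

$sql = "DELETE FROM `hd_users` WHERE `id`=$myuser LIMIT 1";
$result = hd_dbQuery($sql) or hd_error("$hdlang[cant_sql]: $sql</p><p>$hdlang[mysql_said]:<br>".mysql_error()."</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");
/* Zero affected rows means no user had that id */
if (hd_dbAffectedRows() != 1) {hd_error("$hdlang[int_error]: $hdlang[user_not_found].");}

/* Print admin navigation */
require_once('inc/show_admin_nav.inc.php');
?>

</td>
</tr>
<tr>
<td>

<p>&nbsp;</p>
<h3 align="center"><?php echo $hdlang['user_removed']; ?></h3>

<p>&nbsp;</p>

<p align="center"><?php echo $hdlang['sel_user_removed']; ?>!</p>

<p align="center"><a href="manage_users.php"><?php echo $hdlang['manage_users']; ?></a> |
<a href="admin_main.php"><?php echo $hdlang['main_page']; ?></a></p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>

<!-- HR -->
<p>&nbsp;</p>

<?php
require_once('inc/footer.inc.php');
exit();
} // End remove()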

?>
